
let fs = require("fs");
let mysql = {
    query: function (sql, value, res) {
        let mysql = require("mysql");

        let connection = mysql.createConnection({ host: '127.0.0.1', user: 'root', password: 'root', database: 'yiqing' });

        connection.connect();

        /**
         * 推荐使用占位符方式查询，占位符可以防止 sql注入 占了 80%漏洞都是sql
         */
        connection.query(sql, value, function (err, result) {

            let html = '';

            /**
             * <tr>
             <td>Tanmay</td>
             <td>Bangalore</td>
          </tr>
          <tr>
             <td>Sachin</td>
             <td>Mumbai</td>
          </tr>
             */
            for (let val in result) {
                html+='<tr>'
                html += '<td>' + result[val].city + "</td>"
                html += '<td>' + result[val].nums + "</td>"
                html+='</tr>'

            }
            
            fs.readFile("./home/html/index.html",function(err,data){
                console.log(err);
                let datas = data.toString();
                let formatHtml=datas.replace("{{result}}",html);
                connection.end();
                res.write(formatHtml);
                res.end();
    
            })
            
        })

    }
}

module.exports = mysql;